bdNOG7, 19-22 Nov 2017, Dhaka, Bangladesh
Cryptography – SSL/TLS
History
• Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent and secure transactions.
• In 1997 an Open Source version of Netscape’s patented version was created, which is now OpenSSL.
• In 1999 the existing protocol was extended by a version now known as Transport Layer Security (TLS).
• By convention, the term "SSL" is used even when technically the TLS protocol is being used.
SSL/TLS Protocol
[Figure: TCP/IP layers (Application (HTTP), Transport (TCP), Internet, Network Access) with the HTTP data carried as encrypted SSL/TLS data]
TLS/SSL: What it does
• Confidentiality
  – Encryption
• Integrity
  – Keyed hash (HMAC): TLS (authentication!)
  – Hash (MAC): SSL
• Authentication
  – Certificates
SSL/TLS Operations
• Client connects to the server
  – To access a resource
• Public-key cryptography during initial handshake to authenticate and exchange session keys
  – PKI (X.509 Certificates)
• Symmetric key cryptography to encrypt and hash data
  – Master secret (shared secret) generated
  – Separate Encryption and Hashing keys from the master secret
How SSL/TLS Works – Part 1
[Figure: SSL/TLS message flow between CLIENT and SERVER; callout: PKI]
SSL Handshake Phase
1. Client sends Hello message: supported algorithms, random number
2. Server sends Hello message: algorithms, random number
3. Server sends certificates
4. Client: authentication of the server (certificate)
5. Client generates a random value (pre-master secret) and encrypts it with the server’s public key
6. Server receives the encrypted pre-master secret and decrypts it to retrieve the pre-master secret
7. Client and server each calculate keys: Master Secret (shared)
  • Encryption key
  • Hashing key
8. Client and server each send a Finished message
SSL Data Transfer Phase
9. Data: encrypted data
PKI – public key infra
• Digital (X.509) certificates
  – Associate a public key with an individual or organization
  – Public key of the subject!
[Figure: X.509 certificate fields: Version; Serial Number; Signature Algorithm; Issuer Name; Validity Period; Subject Name; Subject Public Key; Issuer ID; Subject ID; Extensions (CRL)]
PKI – Chain of Trust
• Root CA
  – Self-signed
  – Issue and sign ICA’s certificate
• Intermediate CA
  – Issue and sign EE certificate
• End Entity
[Figure: trust hierarchy: Root CA; ICA, ICA; EE, EE, EE, EE]
PKI – Example
• Client (browser) sends https request to google.com
  – Browsers have trusted CA certificates stored
• Web server sends back google.com’s certificate
  – Signed by Google ICA, plus
  – Google ICA’s certificate signed by root CA (GeoTrust)
• Verify the certificates up the chain of trust
  – Once successfully verified, use the public key
[Figure: certificate chain: Root CA Cert, Signature (self-signed); ICA Cert, Signature (signed by root); google.com Cert, Signature (signed by ICA)]
How SSL/TLS Works – Part 2
[Figure: the same handshake message flow as in Part 1 (steps 1-9); callout: Symmetric Encryption]
Symmetric Encryption
• Once the server’s public key is verified up the chain of trust
  – The client generates a pre-master secret
    • C-random & S-random
  – Sends to the server encrypted with server’s public key
• Both client and server generate the Master Secret
  – Uses the pre-master secret, C-random, and S-random with the agreed key exchange cipher (e.g. DH)
• Separate Encryption and Hashing keys generated from the Master secret
  – All future communication hashed and encrypted using the symmetric keys
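Added example (not from the original slides): one way the Master Secret and the separate encryption and hashing keys described above are derived, assuming the TLS 1.2 PRF from RFC 5246 with HMAC-SHA256 and a suite using AES-128 with HMAC-SHA256 for the key sizes. The function names and the sample pre-master secret and random values are constructed for illustration.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash of RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(pre_master: bytes, c_random: bytes, s_random: bytes) -> bytes:
    """48-byte Master Secret; both sides compute it from the same three inputs."""
    return p_sha256(pre_master, b"master secret" + c_random + s_random, 48)

# Key sizes for the assumed suite: HMAC-SHA256 keys and AES-128 keys.
MAC_LEN, ENC_LEN = 32, 16

def session_keys(master: bytes, c_random: bytes, s_random: bytes) -> dict:
    """Expand the Master Secret and slice it into per-direction keys."""
    # Seed order is server random first here, the reverse of master_secret().
    block = p_sha256(master, b"key expansion" + s_random + c_random,
                     2 * MAC_LEN + 2 * ENC_LEN)
    keys, pos = {}, 0
    for name, size in (("client_mac", MAC_LEN), ("server_mac", MAC_LEN),
                       ("client_enc", ENC_LEN), ("server_enc", ENC_LEN)):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def derive(pre_master: bytes, c_random: bytes, s_random: bytes):
    ms = master_secret(pre_master, c_random, s_random)
    return ms, session_keys(ms, c_random, s_random)

# Constructed sample values (not from a real session).
PRE_MASTER = b"\x03\x03" + bytes(range(46))   # 2 version bytes + 46 bytes
C_RANDOM = bytes([0xC1]) * 32
S_RANDOM = bytes([0x51]) * 32

if __name__ == "__main__":
    ms, keys = derive(PRE_MASTER, C_RANDOM, S_RANDOM)
    print("master secret:", ms.hex())
    for name, key in keys.items():
        print(f"{name:10s} {key.hex()}")
    # A new S-random with the same pre-master secret gives unrelated keys.
    ms2, _ = derive(PRE_MASTER, C_RANDOM, bytes([0x52]) * 32)
    print("fresh S-random changes master secret:", ms != ms2)
```

Because each side feeds in both random values, a recorded pre-master secret replayed into a new handshake does not reproduce the earlier session keys.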
Trusted vs Non-trusted Certificate
Certificate Authority
Chinese CA WoSign faces revocation after issuing fake certificates of Github, Microsoft and Alibaba
https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I/discussion
Introducing Let’s Encrypt
• An open source CA
  – Prove your domain to get your digital (TLS/SSL) certificate
  – https://letsencrypt.org
Let’s Encrypt chain
• Let’s Encrypt ICA (X3) cross-signed by DST (IdenTrust)
  – Until ISRG (Internet Security Research Group) is trusted by everyone
Introducing Let’s Encrypt
• Browsers and OS
  – https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394
• Check your browser
  – https://wiki.apnictraining.net
  – (signed by Let’s Encrypt)
LAB
http://ca.apnictraining.net/root-cert